David Muir Sharnoff > SyslogScan-Daemon-SpamDetector > SyslogScan::Daemon::SpamDetector::SpamSink

Download:
modules/SyslogScan-Daemon-SpamDetector-0.56.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Source  

NAME ^

 SyslogScan::Daemon::SpamDetector::SpamSink - notice messages sent to a honeypot

SYNOPSIS ^

 plugin SyslogScan::Daemon::SpamDetector as sd_

 sd_plugin SyslogScan::Daemon::SpamDetector::SpamSink
        debug 0
        logfile /var/log/mail.info

DESCRIPTION ^

Watch the system log files for message sent to spam honeypots.

It looks for the following kind of message line:

 $Date \S+ spamsink: Message-I[dD]: <.*?>

Lines like this can be generate by forwarding mail to a program like:

 #!/bin/sh 
 perl -e '
        $x = <>; 
        while (<>) { 
                last if /^$/; 
                next unless /^(Message-I[dD]: .*)/; 
                $y = $1; 
        } 
        print "$y\n" 
                if      $x =~ /\@/ 
                        && $y =~ /\@/ 
                        && $x !~ /mailer-daemon/i 
                        && $x !~ /postmaster/ ; 
 ' | /usr/bin/logger -p mail.info -t spamsink

CONFIGURATION PARAMETERS ^

The following configuration parameters are supported:

debug

Debugging on (1) or off (0).

logfile

Which logfile to watch (default: /var/log/syslog).

SEE ALSO ^

SyslogScan::Daemon::SpamDetector

THANK THE AUTHOR ^

If you need high-speed internet services (T1, T3, OC3 etc), please send me your request-for-quote. I have access to very good pricing: you'll save money and get a great service.

LICENSE ^

Copyright(C) 2006 David Muir Sharnoff <muir@idiom.com>. This module may be used and distributed on the same terms as Perl itself.

syntax highlighting: